Mobile terminals, such as mobile phones, laptop computers (colloquially known as laptops'), and PDAs, often contain sensitive data. The memory available in premium mobile phones today exceeds a hard disc size of a typical PC ten years ago. Today mobile phones can be used as audio, video and image storage, and as a calendar, a phone book, or a notepad. They may contain personal, company confidential, or other sensitive data. Until today, the interest in securing data stored in mobile phones against unauthorized use has been almost non-existent. Data security of laptops can be implemented by ciphering theirs hard disks, but very often the data security depends on physical access to the laptop. As mobile terminals have become smaller in size, they also became more prone to loss and theft.
Some mobile terminals may comprise dedicated processing units for telecommunication purposes and applications, but usually a plurality of similar processing units perform both functionalities. The processing units are typically controlled by a multi-tasking operating system, such as Symbian, Windows Mobile or Mobile Linux, and the like.
A memory used in a mobile terminal is termed in this application a Mobile Terminal Memory (MTM). The MTM can be expanded, for example, by connecting portable memory devices, Compact Flash cards, Secure Digital memory, and the like, into a mobile terminal. Memory cells included in the MTM are often based on Solid-state Flash technology. In addition or alternatively, the MTM may comprise a hard disk drive. The term MTM relates to any such memory device which is accessed by at least one mobile terminal. The term “access” should be construed to mean that data can be at least read from, and preferably written into the MTM.
Use of an MTM commonly requires that an appropriate file system driver is installed in a mobile terminal. The file system driver provides user access to data stored in the MTM.
An operating system of the mobile terminal commonly makes the MTM appear like file system similar to an ordinary disk drive. In almost all file systems, data is stored in blocks which are mapped to physical memory addresses, such as memory addresses of the MTM.
There exist encryption systems where encryption of data is performed using an encryption key. Correspondingly, the encrypted data is decrypted with a decryption key. Data stored in the mobile terminal can be encrypted either in a stream cipher mode or a block cipher mode.
In the block cipher mode the encryption is performed in a non-chaining manner or a chaining manner. In the non-chaining manner the encryption is independent from the results of the previous encryption operations, whereas in the chaining manner, previous encryption operations set a certain initial state for a subsequent encryption.
In the stream cipher mode, previous encryption operations set a certain initial state for a subsequent encryption. In other words, the subsequent encryption is dependent on results of the previous encryption operations.
By way of example, the following encryption methods are well known: TEA or 18Crypt for ciphering in the stream cipher mode, AES, DES, ECB, or XXTEA for ciphering in the block cipher mode in the chaining manner, and CBC, CBF, CBCC, or OFB for ciphering in the block cipher mode in the non-chaining manner.
In addition to mobile terminals, portable memory devices suffer from data security risks. Portable memory devices are also known as removable memory devices. A portable memory device (PMD) can be coupled to a mobile terminal, workstations, and other data processing equipment.
A USB memory device (colloquially known as a USB ‘stick’, disk on key, memory ‘stick’, and the like.) is a typical example of the PMD. USB memory sticks have replaced many floppy and CD-RW disks as removable media. Other kinds of PMDs are also known, such as Compact Flash cards Secure Digital memory sticks, and the like.
Memory cells included in a PMD are usually based on the Solid-state Flash technology. In this application the PMD means a memory device which can be removed from a computer or mobile terminal without tools.
Use of the PMD requires that an appropriate file system driver is first installed in the computer. After that the PMD is accessible through the computer. Like the MTM, the PMD usually appears to the user as an ordinary disk drive.
Commonly disk drives are formatted prior to storing file data thereupon. During formatting, a file system is created onto the disk. In Windows XP a typical file system is NTFS or FAT32, while in Linux EXT2 is common. In most file systems in common use today, a formatted disk drive file system contains an empty root directory. Then directories, subdirectories can be created on the disk drive and files can be stored in the created directories and subdirectories. It is important to understand that directories, files, and the like are conceptual groupings of data, organized into a file system by specifications and dully interpreted by a control program such as an operating system, and that the storage method within the device or disk drive may be organized independently of the data interpretation, while still falling under the scope of the present invention.
The term data link shall be used in this application to denote the broad concept of capacity to communicate data between at least two data processing capable units, over wired or wireless communication methods. The concept of a data link is immaterial of the specific communication protocol, physical medium, and method applied, and thus, by way of a non-limiting example extends to, all wired communication networks, a wireless network, such as a packet switched mobile data network usually referred as 2.5G, 3G or 3.5G mobile networks, or wireless IP networks such as Wi-Fi, WiMAX or any combination thereof n thereof, as well as to local data links such as USB, various serial and parallel communications links, IEEE1394, and the like. Similarly, it is noted that the term network should be given a broad spectrum to include all manners of communication media, including hardware and software, that will allow two computing devices to communicate there between By way of example, such networks include wired and wireless networks, cellular networks, satellite networks, packet switched networks, telephony networks, and they like.
PMDs are very practical in carrying personal or company data. Typical capacity of a flash-memory based PMD is 1-4 GB, but also 16 GB versions already exist, and capacities are expected to increase. The flash-memory based PMD is lightweight, small-sized, and has proven to be more reliable than its predecessors, floppy disks.
The invention relates in general to Local Memory Devices (LMD devices). Both MTM and PMD are examples of such LMD devices.
The prior art LMDs suffer from several problems. A data management problem is one those problems. The data management problem mostly concerns the PMDs but also the MTMs.
One common PMD data protection scheme involves setting an unprotected and a protected partition on the memory device. The unprotected partition contains a special driver through which the protected partition is accessible. When the special driver is installed (permanently of temporarily) in a computer, a user must input a correct password in order to access data stored on the protected partition.
Other protection methods exist, too, such as coupling a fingerprint reader into the PMD. Then the information of the PMD is accessible only after a detection of a correct fingerprint.
None of these methods protect the data in certain cases. By way of a simple example when an employee who properly received the device has left the company. The employee can still read the company confidential information stored in the PMD, although he/she may not be entitled to do so any more.
A basic problem related the prior art LMDs is data security. It is possible to use the strongest encryption method available. However, if an unauthorized person who wants to abuse encrypted information of an LMD has enough time and processing capacity, he/she can break the encryption of the information. Even the strongest encryption is breakable.
Most encryption methods are based on use of an encryption key. Some encryption methods, such as PGP, need two keys per a person. In more detail, the person has a private key and a public key. A known problem related to the encryption methods is key management, i.e. persons and organizations have difficulties to manage a number of encryption keys.
It should be noted that while there are numerous encryption methods, most of the methods diffuse the incoming data, i.e. changing one bit of input data causes a change to more than one bit of output data. As far as the invention is concerned, these encryption methods are of special interest. In fact all methods which have a property of diffusing data can be considered as encryption in the present context.